Interesting. This suggests to me that both sides
have shown that they could do this if they wanted to.
WASHINGTON — The
United States and China are negotiating what could become the first
arms control accord for cyberspace, embracing a commitment by each
country that it will not be the first to use cyberweapons to cripple
the other’s critical infrastructure during peacetime, according to
officials involved in the talks.
While such an agreement could address attacks on
power stations, banking systems, cellphone networks and hospitals, it
would not, at least in its first version, protect against most of the
attacks that China has been accused of conducting in the United
States, including the widespread poaching of intellectual property
and the theft of millions of government employees’ personal data.
What other “locked” services might be attacked
from the inside?
AT&T sues former workers, alleging secret scheme to unlock hundreds of thousands of phones
AT&T has filed suit against former employees
alleged to have been paid tens of thousands of dollars to install
malware on company computers to help “hundreds of thousands” of
AT&T customers unlock their smartphones without permission.
California-based Swift Unlocks, which allegedly
orchestrated the scheme and in turn sold the illicit unlocking
services to AT&T customers, is also being sued.
… Once you’ve paid off your wireless
contract, the FCC now requires carriers to give customers an unlock
code that will allow them to take their device to another wireless
provider — if they so choose.
AT&T’s suit says Swift Unlocks, based in
Anaheim, Calif., was using employees inside AT&T’s customer
service center in Bothell, Wash., to secretly obtain unlock codes for
devices that were still under contract, which means the carrier had
no obligation to release them to competing carriers.
For my Computer Security students. In order to
protect an asset you need to know you have an asset. Let's hope they
don't miss the forest for the trees.
Pentagon designing cyber 'scorecard' to stay ahead of hackers
The U.S. Defense
Department is building a massive, electronic system to provide an
overview of the vulnerabilities of the military's computer networks,
weapons systems, and installations, and help officials prioritize how
to fix them, the deputy commander of U.S. Cyber Command said on
Thursday.
… The effort, being
led by the Pentagon's chief information officer, grew out of a
critical report about cyber threats released earlier this year by the
Pentagon's chief weapons tester, and escalating cyber attacks by
China and Russia.
The report by Michael
Gilmore, the Pentagon's director of testing and evaluation, warned
that nearly every major U.S. weapons system was vulnerable to cyber
attacks.
… He said the
initial focus of the new scorecard would be on the greatest threats,
including weapons systems fielded 30 years ago before the cyber
threat was fully understood, as well as newer systems that were not
secure enough.
Perhaps they think you would object.
In the last few years, FBI has been dramatically expanding its biometrics programs, whether by adding face recognition to its vast Next Generation Identification (NGI) database or pushing out mobile biometrics capabilities for “time-critical situations” through its Repository for Individuals of Special Concern (RISC). But two new developments—both introduced with next to no media attention—will impact far more every-day Americans than anything the FBI has done on biometrics in the past. Read about the first development below and the second here.
I'll bet they lose very few customers. AVG has a
good anti-virus program.
AVG says it can sell your browsing data in updated privacy policy
AVG has updated
its privacy policy's language, and in the amended document, the
security firm admits that it can "make money from [its] free
offerings with non-personal data." These "non-personal"
info include your device's brand, language and apps in use, among
other things. The company is adamant that it doesn't sell anything
with identifying information, and the data that it does collect is
anonymized and stored without anything that can link it back to you.
According to the updated policy, AVG can collect data you yourself
provide -- plus, it can use cookies to track your searches and your
activities on websites, apps and other products. It can then use
those details to "build anonymous data profiles" or create
statistical information, which it can then sell.
A spokesperson from the company told Wired
UK that AVG updated the language to be more transparent and
make sure people know that it can make money off its free products
using their information. The new rules will take effect on October
15th, 2015 and by continuing to use AVG after that, you already agree
to the collection – unless you take the steps to opt
out. The spokesperson said that "users who do not want [the
security firm] to use non-personal data in this way will be able to
turn it off."
It's a privacy violation that is a big deal. How
culturally aware is some kid in California with two days of training?
This is a story that was too easy to miss in my
newsfeed, but as I read it, I felt tremendous fear for women in
Afghanistan. What might be an annoying hack or breach here may put
their lives in danger there. Read it and think.
Peter Holley reports:
By the time the distraught young woman arrived at the Sunshine Internet Cafe in western Kabul, she was in a state of panic, with tears streaming down her face.
Someone, she claimed, had hacked into her Facebook page and stolen her personal photos. The thief used those images to create a fake profile, one littered with offensive posts boasting of drug use and illicit behavior.
In Afghanistan, this can get a woman killed.
[…]
At least three or four times a week, he estimated, young women show up at his Internet cafe desperate for help. Their complaints are always the same: fake Facebook profiles using their photos, hacked personal information, inboxes deluged with pornography, and violent threats from aggressive suitors and alleged militants. Respectable reputations are demolished with a few keystrokes.
Ahmadi said he has reported fake profiles to Facebook on behalf of women more than 50 times, but it rarely matters. He suspects that the threats are so culturally specific — a profile photo showing a woman’s face or a beer Photoshopped into a photo of a female gathering, for example — that they often go unnoticed by Facebook administrators reviewing flagged accounts. What may look like an innocent account in the United States can be full of menacing innuendo to Afghan eyes.
“Most of the time, Facebook is saying, ‘No, you’re wrong, thanks for reporting, but this is not a fake account,'” he said. “I don’t think they understand the culture of Muslim countries.”
Read more on Washington Post.
I think Kim is much more amusing than Donald
Trump. If Lessig is correct, it looks like the DoJ is acting as
Hollywood's attack dog.
The Unsinkable Kim Dotcom?
Someone perhaps even more flamboyant than Donald
Trump may be getting involved in the U.S. presidential race -- and
not on the Republican side.
Notorious Internet entrepreneur Kim Dotcom is not
running for office, but as his extradition case heats up in New
Zealand, a possible
Democratic candidate for the presidency – mild-mannered Harvard
law professor Lawrence Lessig -- has come
to his defense.
… Dotcom brazenly defied the U.S. authorities
by relaunching
his company as Mega just a year from the day the FBI took down
Megaupload.
And why shouldn't he have done so? Dotcom
has done no wrong, according to Lessig, who filed a
37-page affidavit on his behalf in a New Zealand court this week.
The actions spelled out in the DoJ's indictment of
Dotcom "were not prohibited by criminal statutes of the United
States. Filings of the DoJ attempt to create a false impression of
criminal guilt and are not reliable," the affidavit concludes.
Looking from the inside – for my students.
Creating a Successful (and Legal) Internship Program